+50
-12
lines changed
@@ -21,27 +21,30 @@ var certificateExpirationTimes = promauto.NewGaugeVec(
21
21
// Observe takes in a list of certs and emits its expiration times
22
22
func Observe(certs ...*x509.Certificate) {
23
23
for _, cert := range certs {
24
-
hostnames := cert.DNSNames
25
-
sort.Strings(hostnames)
26
-
labels := prometheus.Labels{
27
-
"serial_no": cert.SerialNumber.String(),
28
-
"cn": cert.Subject.CommonName,
29
-
"hostnames": strings.Join(hostnames, ","),
30
-
"ca": boolToBinaryString(cert.IsCA),
31
-
"server": containsKeyUsage(cert.ExtKeyUsage, x509.ExtKeyUsageServerAuth),
32
-
"client": containsKeyUsage(cert.ExtKeyUsage, x509.ExtKeyUsageClientAuth)}
33
-
certificateExpirationTimes.With(labels).Set(float64(cert.NotAfter.Unix()))
24
+
certificateExpirationTimes.With(getPrometheusLabels(cert)).Set(float64(cert.NotAfter.Unix()))
34
25
}
35
26
}
36
27
28
+
func getPrometheusLabels(cert *x509.Certificate) prometheus.Labels {
29
+
hostnames := append([]string(nil), cert.DNSNames...)
30
+
sort.Strings(hostnames)
31
+
return prometheus.Labels{
32
+
"serial_no": cert.SerialNumber.String(),
33
+
"cn": cert.Subject.CommonName,
34
+
"hostnames": strings.Join(hostnames, ","),
35
+
"ca": boolToBinaryString(cert.IsCA),
36
+
"server": hasKeyUsageAsBinaryString(cert.ExtKeyUsage, x509.ExtKeyUsageServerAuth),
37
+
"client": hasKeyUsageAsBinaryString(cert.ExtKeyUsage, x509.ExtKeyUsageClientAuth)}
38
+
}
39
+
37
40
func boolToBinaryString(val bool) string {
38
41
if val {
39
42
return "1"
40
43
}
41
44
return "0"
42
45
}
43
46
44
-
func containsKeyUsage(a []x509.ExtKeyUsage, x x509.ExtKeyUsage) string {
47
+
func hasKeyUsageAsBinaryString(a []x509.ExtKeyUsage, x x509.ExtKeyUsage) string {
45
48
for _, e := range a {
46
49
if e == x || e == x509.ExtKeyUsageAny {
47
50
return "1"
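Review bot: In `hasKeyUsageAsBinaryString`, a certificate with no extended key usage extension never enters the loop, so its `server` and `client` labels depend on the fall-through return, which lies outside this hunk and is presumably `"0"`. Go's chain verification treats an absent EKU list as unrestricted, so such a certificate could be reported as neither server nor client while still being accepted for both. Either add `if len(a) == 0 { return "1" }` before the loop, or record the intended meaning of an empty list in a doc comment on the function. `getPrometheusLabels` also has no doc comment; something like `// getPrometheusLabels builds the metric labels for cert; DNSNames is copied before sorting so the certificate is not modified.` would explain why the `append` is there.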
@@ -18,6 +18,7 @@ import (
18
18
19
19
"github.com/cloudflare/cfssl/helpers"
20
20
"github.com/cloudflare/cfssl/log"
21
+
"github.com/cloudflare/gokeyless/certmetrics"
21
22
"github.com/cloudflare/gokeyless/server"
22
23
)
23
24
@@ -272,7 +273,8 @@ func main() {
272
273
f.Close()
273
274
}
274
275
}
275
-
276
+
certs := gatherCerts()
277
+
certmetrics.Observe(certs...)
276
278
go func() {
277
279
log.Critical(s.MetricsListenAndServe(net.JoinHostPort("", strconv.Itoa(config.MetricsPort))))
278
280
}()
@@ -393,3 +395,36 @@ func verifyCSRAndKey() bool {
393
395
394
396
return true
395
397
}
398
+
399
+
// pemCertsFromFile reads PEM format certificates from a file.
400
+
func pemCertsFromFile(path string) []*x509.Certificate {
401
+
file, err := os.Open(path)
402
+
if err != nil {
403
+
log.Fatal(err)
404
+
}
405
+
pemData, err := ioutil.ReadAll(file)
406
+
if err != nil {
407
+
log.Fatal(err)
408
+
}
409
+
certs, err := helpers.ParseCertificatesPEM(pemData)
410
+
if err != nil {
411
+
log.Fatal(err)
412
+
}
413
+
return certs
414
+
}
415
+
416
+
func gatherCerts() []*x509.Certificate {
417
+
certPaths := []string{
418
+
config.CertFile,
419
+
config.CACertFile,
420
+
}
421
+
var allCerts []*x509.Certificate
422
+
for _, cPath := range certPaths {
423
+
if cPath == "" {
424
+
continue
425
+
}
426
+
pemCerts := pemCertsFromFile(cPath)
427
+
allCerts = append(allCerts, pemCerts...)
428
+
}
429
+
return allCerts
430
+
}
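Review bot: `pemCertsFromFile` opens the file and never closes it, so each certificate path leaves a descriptor open for the life of the process; replacing the open/read pair with `pemData, err := ioutil.ReadFile(path)`, or adding `defer file.Close()` after the first error check, fixes that. Separately, the labels published through `certmetrics.Observe` carry the serial number, CN and DNS names of every loaded certificate, and the listener started just below the call binds with `net.JoinHostPort("", ...)`, which is every interface, so it is worth confirming that the metrics port is reachable only by the scraper. `Observe` runs once at startup; if certificates can be reloaded without a restart (not visible in these hunks), the gauge would keep reporting the old expiry.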